And it isn’t limited to Facebook. Social media sites in general have become hunting grounds for fraudsters searching for any opportunity to scam you or steal your identity. In Australia, the stats for identity theft are high. 1 in 5 people have had their personal information misused (with money being stolen ranging from just a few dollars to a whopping $310k). And in the UK, 2015 figures show a 52% rise in young identity fraud victims. The thing is, people often don’t realise there’s a problem until they receive a bill in their name for something they didn’t buy or they have problems with their credit rating.

“People put everything out there on social media. All you need [to steal someone’s identity] is their full name, their date of birth, sometimes their place of birth and an account number. With that information all over the internet then it’s very easy to piece together.”

Intrusive Content

To add to the problem, there’s a trend emerging with people using public Facebook community groups to find flatmates and post accommodation ads. But unlike the flatmate.com platform where your personal information is secure and protected, the info shared in these public groups is available for all to see. And some of the things being shared is concerning.

The other problem with these public groups is that anyone is able to post content and so they’re frequently bombarded with offensive posts and spamming. While administrators can block a person, it doesn’t actually stop the spamming, it just prevents further users from seeing the content. Often, the damage is already done with many people having been subjected to malicious links or intrusive content.

Through your Facebook profile alone, fraudsters can learn your name, date of birth, location, employment, friends, contact details and – on a deeper level – your interests and hobbies. With this level of information, they can build convincing email or impersonation scams tailored especially to you.

And you’re far more likely to respond to an email you think is coming from a group you belong to or a person you know.

It’s surprising how liberal people are with their personal information when the threat of online scams and identity fraud is so widespread.

How can you protect yourself?

Greg Austin, Professor in Cyber Security, Strategy and Diplomacy at the University of NSW in Australia warns,

“Inclusion of your own address details in Facebook posts is not in general a problem, since such details can easily be found on an electoral role for those over 18 years old. But equally important must be the principle of ‘privacy first’ when we post anything to the web, especially birth dates and details of relatives and children. Identity theft depends on access to such information. Cyber bullies and more serious criminals will exploit anything they can find.”

Some people go to extreme measures setting up several Facebook accounts and swapping between them every couple of months. The problem here is, it violates Facebook’s terms of service, which states you can only have one account. The theory behind the approach is that fraudsters can’t piece together who you really are.

Of course, there are other ways of protecting yourself without violating Facebook’s terms of service:

Use a nickname instead of your real name. This way, you’re less vulnerable if your details are exposed.

If you’re seeking a flatmate, don’t post your address and holiday details in public posts. Give general information and ask interested candidates to send you a personal message. You can then go through the necessary security checks to make sure they are who they say they are. Even better, use com’s secure and protected platform.

Tweak your birthdate. Yes, we all love to receive birthday greetings on our Facebook wall, but your birthdate is one of the key pieces of information needed to steal your identity. If birthday messages are that important to you, change your birth year. But remember, Facebook will only give you once chance to change your birthdate.

Don’t geotag photos. All a person has to do is right click on one of your photos to see the location details of where it was taken. If you’re using an iPhone, turn off location services for your camera (and all other apps if you want to be super vigilant). And don’t post photos, which show known or famous landmarks where people can quickly place your location.

Don’t add your phone number to your profile. All fraudsters have to do is type your mobile number into the search bar and (depending on your privacy settings) they can access your name, photos and location.

Limit your privacy settings so that your personal information and posts can only be seen by your friends.

Stay guarded. The more you post about your life, your plans, interests etc. the more vulnerable you are to scams. So don’t let the world know where you live, holiday or what car you drive. Keep some things to yourself. And before you create a post, consider whether the information you’re sharing could be used against you.

Use a group photo for your profile pic so that it can’t be used for identification – and NEVER use a passport photo (it happens).

Use a hard to crack password, which includes digits, characters and upper and lower cases.

Don’t click on suspicious links, even if they are from friends as their account may have been hacked.

When it comes to social media, the only person responsible for the security of your personal information is you. It’s easy to become complacent because you assume you’re ‘among friends’, but the reality is you have no idea how your information is going to be used. So, be careful what you share. Remain suspicious, paranoid even. It might just save you from making a very expensive mistake.

To find out more about protecting yourself from online scams and identity fraud, visit Stay Smart Online.

Gemma Hawdon is a writer, editor, music lover and unintentional destroyer of household plants. She’s had a few flatmates in the past, including a French student who insisted on walking about the house naked. These days, she prefers to live with her husband and kids in Melbourne.